In 2017 has the cyber landscape changed? What are the objectives of hackers? What are their methods? The variety of attacks used has increased, so how can you mitigate the risk?

Hackers can have many different possible objectives. For instance, they may aim to interrupt business, corrupt data, steal information – or even all of these at the same time.

To reach their goals, they continuously look for any vulnerability – and will use any vulnerability – to attack. They’re getting increasingly smarter and always looking for more, faster and easier ways to strike.

Furthermore, their attacks are no longer designed simply to deny service but to deny security. The initial service denial attack is often used as a camouflage to mask further – and potentially more sinister – activities.

These include data theft, network infiltration, data exfiltration, networks being mapped for vulnerabilities, and a whole host of other potential risks.

These types of attacks are often referred to as ‘Dark DDoS’ because of initial smokescreen attack which acts to distract organisations from the real breach that’s taking place.

In a large proportion of recent data breaches, DDoS (distributed denial of service attacks) have been occurring simultaneously – as a component of a wider strategy – meaning hackers are utilising this technique in a significant way.

According to a report by SurfWatch Labs, DDoS attacks rose 162% in 2016. SurfWatch Labs claims this is due to the increasing use of IoT devices and the attacks on the KrebsOnSecurity.com and on domain name provider, Dyn – believed to be some of the biggest DDoS attacks ever recorded.

Last year, France was also hit by one of the largest DDoS attacks when hosting company, OVH, was targeted through 174,000 connected cameras.

Today’s hackers have developed a high variety of DNS attacks that fall into three main categories:

Volumetric DoS attacks

An attempt to overwhelm the DNS server by flooding it with a very high number of requests from one or multiple sources, leading to degradation or unavailability of the service.

Stealth/slow drip DoS attacks

Low-volume of specific DNS requests causing capacity exhaustion of outgoing query processing, leading to degradation or unavailability of the service.

The DNS protocol is used to encapsulate data in order to remotely control malware or/and the exfiltration of data.

Protocol anomalies

DNS Attacks based on malformed queries, intending to crash the service.

DNS cache poisoning

Attacks introducing data into a DNS resolver’s cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker’s computer.

The DNS landscape security is continuously moving and DNS attacks are becoming more and more sophisticated, combining multiple attack vectors at the same time.

Today’s DDoS attacks are almost unrecognisable from the simple volumetric attacks that gave the technique its name. In 2017, they have the power to wreak significant damage – as all those affected by the Dyn breach last year will testify – they are far more sophisticated, deceptive and frequent.

To keep ahead of these threats, today’s security solutions must continuously protect against a family of attacks rather than a limited list of predefined attacks that must be frequently updated or tuned.